rhythmic-lighter-17156

05/04/2020, 12:28 PM
Hi team, can someone explain how I can create a 'Modify' policy assignment for enforcing tag creation, please, using the inbuilt Microsoft policy definition in Azure? When I try and do this through the Pulumi API I can create the policy assignment correctly as follows:
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

// getPolicyDefintion and ExecutionContext are not shown in the post.
const createAutoTaggingPolicyAssignment = (tag: string,
    resourceGroup: azure.core.ResourceGroup, context: ExecutionContext) => {
    // Look up the built-in definition by its display name.
    const policy = getPolicyDefintion({displayName: 'Inherit a tag from the resource group if missing'});
    new azure.policy.Assignment(`tag-${tag}`, {
        displayName: `enforce tagging with ${tag}`,
        description: `enforce the tagging of resources with the ${tag} tag`,
        location: context.region,
        // A 'Modify' policy needs a managed identity to apply the tag.
        identity: {
            type: 'SystemAssigned'
        },
        policyDefinitionId: pulumi.interpolate`/subscriptions/${context.subscriptionId}${policy.then(p => p.id)}`,
        scope: pulumi.interpolate`/subscriptions/${context.subscriptionId}/resourceGroups/${resourceGroup.name}`,
        parameters: `{"tagName" : {"value": "${tag}"} }`
    });
}
The policy assignment is created; however, it is not linked to the policy definition correctly? If I run the equivalent command through the az CLI, the policy gets created and is associated with the definition OK?
az policy assignment create --name tag-platform --scope /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/xxxxx --policy "ea3f2387-9b95-492a-a190-fcdc54f7b070" --params "{'tagName':{'value': 'tag'}}" --location northeurope --assign-identity
It has to be to do with how the policyDefinitionId is set up within the Pulumi createAssignment script, but it parses the Up process correctly? Many thanks.
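A check on the shape of `policyDefinitionId`, as an added example that is not part of the original post and not Pulumi's own code. Built-in Azure policy definitions have tenant-level IDs of the form `/providers/Microsoft.Authorization/policyDefinitions/<guid>`, with no `/subscriptions/...` segment. The helper names are hypothetical, and the example assumes the lookup in the post returns the definition's full resource ID.

```typescript
// Added example. Helper names are hypothetical, not Pulumi or Azure SDK APIs.
type DefinitionScope = "tenant" | "subscription" | "managementGroup" | "invalid";

const DEF_SEGMENT = "/providers/microsoft.authorization/policydefinitions/";
const GUID = /^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$/i;

// Classify a policy definition resource ID by the scope in front of DEF_SEGMENT.
// Built-in definitions use the "tenant" form, with no scope prefix at all.
function classifyDefinitionId(id: string): DefinitionScope {
    const lower = id.toLowerCase();
    const at = lower.indexOf(DEF_SEGMENT);
    if (at < 0) return "invalid";
    const name = lower.slice(at + DEF_SEGMENT.length);
    if (name === "" || name.indexOf("/") >= 0) return "invalid";
    const scope = lower.slice(0, at);
    if (scope === "") return "tenant";
    if (/^\/subscriptions\/[^/]+$/.test(scope)) return "subscription";
    if (/^\/providers\/microsoft\.management\/managementgroups\/[^/]+$/.test(scope)) {
        return "managementGroup";
    }
    return "invalid";
}

// Value to pass as policyDefinitionId: a full resource ID is passed through
// unchanged, a bare GUID (as given to `az ... --policy`) becomes the tenant-level ID.
function toPolicyDefinitionId(idOrGuid: string): string {
    if (GUID.test(idOrGuid)) {
        return `/providers/Microsoft.Authorization/policyDefinitions/${idOrGuid}`;
    }
    if (classifyDefinitionId(idOrGuid) === "invalid") {
        throw new Error(`not a policy definition ID: ${idOrGuid}`);
    }
    return idOrGuid;
}

// True when prefixing a looked-up ID with a subscription, as the post's code does,
// turns a tenant-level (built-in) ID into a different, subscription-scoped one.
function prefixChangesScope(subscriptionId: string, lookedUpId: string): boolean {
    const combined = `/subscriptions/${subscriptionId}${lookedUpId}`;
    return classifyDefinitionId(lookedUpId) === "tenant"
        && classifyDefinitionId(combined) === "subscription";
}

// Constructed sample values: the GUID is the one in the post's az command.
const SAMPLE_SUB = "00000000-0000-0000-0000-000000000000";
const BUILTIN_ID = toPolicyDefinitionId("ea3f2387-9b95-492a-a190-fcdc54f7b070");
console.log(classifyDefinitionId(BUILTIN_ID), prefixChangesScope(SAMPLE_SUB, BUILTIN_ID));
```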